James is referencing an article posted by the BBC on the recent news of Intel’s takeover of McAfee for 7.68 Billion. While I agree with James on Intel’s foray into hosting – of course hindsight is 20/20 – I disagree with his position on this particular deal and here’s why.

Despite the rapid growth over the last 15 years of PC’s, viruses are still problematic. Despite continual efforts at training the masses, viruses still are far too prevalent. Additionally the methods for exploitation continue to spread and evolve faster than the education can keep up with. For example, by now, the vast majority – save your grandmother – knows not to open executables sent via email (largely this practice is blocked at the email level anyway). A smaller, but still growing population have learned to not open attachments from people you don’t know. And yet viruses at times runs rampant.

The virus landscape has largely changed with a more sophisticated modern day virus writer. He/she is no longer malicious in their intent to infect your computer but instead often plant malware to consume and distribute private information on your computer. Certainly dangerous viruses still exist, but there’s less money in that.

Given that education can’t keep up (or thus far hasn’t proven to be able to keep up) with the changing exploits and security software saturation is still less than 100%, I see the move by Intel as a positive one. Imagine virus protection at the chip level. The virus uses the chip and it’s processing to do it’s damage. If the chip can refuse access to the virus, the virus is rendered ineffective.

In an environment with increasing questions/concerns about security threats, a chip maker who can offer it’s customers virus protection has a significant advantage over it’s competitors. Additionally, every computer has a CPU and saturation into the market would be swift as computers with this technology would be introduced into the market as people replaced their old PC’s.

In an interesting twist to this story, I could see Microsoft having interest in this particular marriage. Largely portrayed by many as insecure, a chip with protection renders the discussion about OS security potentially moot. Whether Microsoft would admit to it or not, it has skin in this game.

Overall, I think Intel’s choice is a strategic one and might prove be a great one. After over two decades of security software, software hasn’t been the answer. That doesn’t mean software couldn’t be the answer, however history has thus far shown software as a weak solution. It’s time for a game-changer. This could be the road to that much needed change.

Comments

How can you make AV on a chip work when most AV systems built in software still don't work to the level required to make virii a thing of the past?

Patrick
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 9:08 AM

One would think people know not to open executable files. As much as I have drilled it into the users, someone will click an attachment because it looks like it came from someone they know and they were in a hurry so did not stop to think. I just had to get onto someone for that.

So as long as people don't think, virii will spread.

Joe
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 9:28 AM

The concept of implementing comprehensive AV at the chip level is not workable.

Software AV systems are periodically updated with virus signature data. The same would be required of any silicon based AV. This means that only the generic part of the AV could be put on chip. The same cycle of catching up with the latest virus would still be present. No gain over software based AV.

Tichaona Dhliwayo
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 9:54 AM

"Imagine virus protection at the chip level. The virus uses the chip and it’s processing to do it’s damage. If the chip can refuse access to the virus, the virus is rendered ineffective."

...em how exactly would the processor do this as Joe wrote virus signature data would still be required the same old catch up game. In my view the AV would still work exactly the same resulting in exactly the same problems we have today.

Tichaona Dhliwayo
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 9:58 AM

"Imagine virus protection at the chip level. The virus uses the chip and it’s processing to do it’s damage. If the chip can refuse access to the virus, the virus is rendered ineffective."

...em how exactly would the processor do this as Joe wrote virus signature data would still be required the same old catch up game. In my view the AV would still work exactly the same resulting in exactly the same problems we have today.

Eric
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 10:16 AM

Virus protection on a chip is a stupid idea. It is possible, on the other hand, to make architectures more secure, but what does McAfee know about that?!

GWAdmin
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 10:34 AM

I think that the only reason intel bought McAfee is so they can have entrance to a market where they have no experience. And to get more $$$. And what the heck is virii? I always thought it was viruses...

I would think this is leading to secondary processors that can give a boost to OS-installed antivirus. This could work where the chip-level would work in tandem with av software installed on the OS. However, it needs to be open where AV software from Symantec/Microsoft/Trend Micro or whichever vendor will be able to plug into the new Intel AV processor. I'm scared, though, that this will end up forcing McAfee software to be installed on the OS to supplement it. I can't say many would be crazy about being forced to use McAfee's (or that of any one vendor's) software on their OS. The hardware should not dictate the ISV software vendor used. Freedom of choice should be maintained otherwise Intel may see a stronger migration over to AMD.

ghSea
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 11:18 AM

Do you think Intell bought McAfee because they lack antivirus technology or their engineers can't figure it out? Did Coca Cola buy Minute Maid so they could learn how to squeeze oranges and change their formula? This is a business deal, not a technology deal.

And virii is not a word, despite the wiki link; reading that link would show you it's bogus; stop crapping on the english language.

Certainly there would be a software component and virus definitions would need to updated. I think many of you are missing the point in that even though it would require updates, you'd get a much better saturation of virus software.

I think too many of are accepting the status quo...the world is flat, you can't put a man on the moon, etc - all obviously debunked even though it was widely accepted at the time.

I can bet you that Intel and McAfee aren't sitting idly by and accepting the current solutions as good enough.

Mike
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 1:17 PM

When Microsoft tried to lock down the kernel to help prevent badstuff from getting into the OS (AKA Defense in depth) to make Windows safer to use, the antivirus folks threatened Microsoft with "antitrust" action claiming that they (the antivirus folks) couldn't ensure that the OS was safe if they couldn't get into the kernel to verify it.

So Microsoft ended up backing down and leaving hooks to the Kernel (leaving Windows more vulnerable) so that the AV folks wouldn't whine.

I don't see AV on a chip being all that successful, I think Intel has another approach in mind, one where the OEMs get a bigger discount on intel chips if they preinstall McAfee.

Andrew
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 2:00 PM

Great--so the same technology McAfee uses to slow your computer to a crawl will now be integrated into chips. This is a win for who?

My company designes, developes and implements software that detects intrusions, by network analysis of messages, traces, and tracks hackers and cyber-terrorists. Viruses are in effect not the most critical intrusion. Worms, Trojan horses, and the capability to create "zombie" computers, and networks are more critical. These threats would be difficult to implement on a chip, since the network interface would be affected, rather than the CPU! Unless an EPROM type of programmer chip that access the network interface to prevent intrusions the system defaults to an Anti-Virus situation.

My company designes, developes and implements software that detects intrusions, by network analysis of messages, traces, and tracks hackers and cyber-terrorists. Viruses are in effect not the most critical intrusion. Worms, Trojan horses, and the capability to create "zombie" computers, and networks are more critical. These threats would be difficult to implement on a chip, since the network interface would be affected, rather than the CPU! Unless an EPROM type of programmer chip that access the network interface to prevent intrusions the system defaults to an Anti-Virus situation.

My company designs, develops and implements software that detects intrusions, by network analysis of messages, traces, and tracks hackers and cyber-terrorists. Viruses are in effect not the most critical intrusion. Worms, Trojan horses, and the capability to create "zombie" computers, and networks are more critical. These threats would be difficult to implement on a chip, since the network interface would be affected, rather than the CPU! Unless an EPROM type of programmer chip that access the network interface to prevent intrusions the system defaults to an Anti-Virus situation.

Adam
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 3:59 PM

Macafee in my experience is one of the worst antivirus packages out there. If Intel was going to buy a AV company, they could at least buy a good one... It's reminiscent of Intel trying to do graphics processors....

Eswar
wrote
re: What to Make of Intel Buying McAfee

on 08-20-2010 4:28 PM

Here's the deal. No AV can protect you because of zero day exploits. I had winXP running for about 3 yrs without a single virus infection with no AV ever needed. All AVs do are get you messed up with false positives OR making your PCs slow. I use OS X now for other reasons (7 is not bad either). I don't see the necessity for AVS. All I see is education being might necessary.

Daily, we were having customers return heavily compromised machines. And all because Microsoft delivered the OS in a wide-open (most system services running) that let in the nasties. Firewall not fit for purpose, very easily disabled by malware, partly because of the random order that system services were started up.

1. As Tichaona and Joe said before, putting the engine of the AV on the chip is no biggie - but taking care of the updates, well, that is a problem. It would still require action on the part of the malware and re-action on the chip / av-maker side. So, a big fat nothing.

2. One could make an educated guess and think that Intel is trying to implement something like DEP on the chip level. Problem is, there are so many ways to get around that! Yes, it is worth a decent try, but I don't really see it going anywhere.

Besides, just think of false positives. Developers are having a hard enough time writing decent code, without having to worry about some bundled instruction set killing their threads on the lowest level possible.

3. Legal issues! Remember what happened to Microsoft when it started including IE into every copy of Windows? It took some years, but now we have the ballot screen - at least in Europe, we do. Now, imagine what could happen when Intel will start shipping millions of CPU's, chipsets, whatnot, all loaded with a nice version of Intel Antivirus :) The other producers of hardware and antimalware would cry bloody murder - and they would have a legal precedent to lean on. Same thing when Microsoft (who I believe is doing a damn fine job, even in the world of candystore Apple-mania), tried to close down the kernel. All the antimalware spooks started protesting. MS backed down. The results are quite obvious. If this idea will die anywhere, it will be in a court of law.

4. Would this feature be free? I mean Intel is already a pretty premium supplier, as far as price/performance go. Would this added feature result in added costs? Would the updates come as free, or subscription based? That would mean a goodly amount of investment for Intel into a field they don't really have much experience in.

6. Been done before. Remember CIH? The elders of the tribe certainly do. That virus messed up a lot of mainboards and drives. Remember the reaction? Mainboard manufacturers started including TrendMicro and others on the driver disks and some kind of protection on the chip level. Then the idea sort of died on its own. With today's update-the bios-over-the-internet solutions, I wonder when we'll have the same problem again!

7. to STAN: you say that most of us are against progress, world is flat, whatever. Yes, it is true, most of us are kind of pessimistic about this solution. After enough years of work in the IT&C support business, you adopt a "believe it when I see it working" position. Yes, we are sort of conservative. It also saves money and lotsa grief, both for me and my customers.

I think it is a great idea. The hardware must be constructed in a way that the concept of viruses are impossible. Allways wondered why that is not the case.

Ferenc Attila
wrote
re: What to Make of Intel Buying McAfee

on 08-23-2010 8:44 AM

Frank, and how exactly would you do that? Design a hardware that will execute anything but malware?

Maybe some people do not realize it yet, but there is nothing magical about code. For a CPU the code of a game will pretty much look the same as the code from malware WITH NO real-world way of telling the difference between the two, while not slowing to a crawl.

MehGerbil
wrote
re: What to Make of Intel Buying McAfee

on 08-23-2010 9:13 AM

If Intel wants to build in chip level protection what could be the possible benefit of buying a bloated software solution?

I have to agree with the poster who said that they probably want to sell chips at a discount to OEMs that include McAffee only on the systems they sell.

How is this different than a packet sniffer or intrusion detection system that can sniff out malicious code? If those systems can work when at their level it's just bits of data coming across a wire - a set of instructions is far more telling than just bits - then how is it not that a CPU could detect these malicious programs somehow?

Ferenc Attila
wrote
re: What to Make of Intel Buying McAfee

on 08-24-2010 4:49 AM

@Tim, it's not that simple and you damn well know it. Or at least, if you blog about the subject, you should.

Being very close to the bare metal level of the system, you can not do much else then scan everything. Hmm, would anyone care to calculate the bottlenecks and possible problems? Does anyone even remotely remember the KISS principle? Keeping it simple? Obviously not.

Yes, of course, the idea of chip level protection is a nice one. But it has so many caveats to it, that when you really get down to it, it could well be penny wise, pound stupid. Just too many places to go wrong.

Oh, I like what you said - a set of instructions being far more telling than just bits - oh, it is nice indeed. Would you please explain for the general public, how would you tell the difference with decent reliability between a two sets of instructions that move X data set from A to B? One is legal, the other is malware. Please tell the difference :) Please remember, you have to tell the difference in real time, with more than 95% reliability and less than 2% of false positives. Oh, let's multiply the problem by adding more than one processor, more than one core. Let's add a virtual system too on top of everything. Would your chip defense go through it all, reliably? Or would it create more problems than it protects from? Remember again, we are talking about a McAfee solution - not the best and brightest in any case :D

It is very nice to be feel all warm and fuzzy about such a strategic solution, that would solve pretty much everything :) But it would still have to work, without adding bottlenecks, without adding extra costs, without N+1 other possible problems.

Care to give me an estimate for when we will see this in real life? I wouldn't hold my breath that long :P

dahlya
wrote
re: What to Make of Intel Buying McAfee

on 09-01-2010 10:47 AM

The detail I find to be the most important here is that McAfee has made my computer consulting side business a small fortune. If only it actually CAUGHT viruses? Intel, what are you thinking?

I would like to thnkx for your efforts you might have set in creanitg this web site. I'm hoping the same high-grade web site submit from you in the upcoming as well. In fact your creative creanitg abilities has inspired me to obtain my own web site now. Truly the running a blog is spreading its wings quickly. Your write up can be a excellent example of it. 0Was this answer helpful?